
Zipp or 927: TrojanProxy+Starware


Metalmaid


I'm sitting here trying to help a friend clean up.

The computer has been scanned with AdAware, Spybot, Stinger, Ewido and E-Scan, but according to Spyware Doctor there are apparently still some pests left.

The latest scan showed 37 hits, split between Starware and Trojan.Proxy.Small.BO

Here comes the HiJack log...

 

Logfile of HijackThis v1.99.1

Scan saved at 20:05:45, on 2005-10-27

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Alwil Software\Avast4\aswUpdSv.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Alwil Software\Avast4\ashServ.exe

H:\Installerade program\ewido\security suite\ewidoctrl.exe

C:\Program\Motherboard Monitor 5\MBM5.EXE

C:\Program\Creative\PC-CAM Center\CAMTRAY.EXE

C:\Program\Labtec\LABTEC~1\Keyboard.exe

C:\Program\MSN Apps\Updater\01.02.3000.1001\sv\msnappau.exe

C:\Program\ALWILS~1\Avast4\ashDisp.exe

C:\Program\D-Tools\daemon.exe

C:\Program\QuickTime\qttask.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program\MSN Messenger\MsnMsgr.Exe

C:\Program\Kerio\Personal Firewall 4\kpf4ss.exe

C:\WINDOWS\System32\nvsvc32.exe

H:\Installerade program\Spyware Doctor\sdhelp.exe

C:\Program\Kerio\Personal Firewall 4\kpf4gui.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\wdfmgr.exe

C:\Program\Alwil Software\Avast4\ashWebSv.exe

C:\Program\Kerio\Personal Firewall 4\kpf4gui.exe

C:\Program\Alwil Software\Avast4\ashMaiSv.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program\Internet Explorer\IEXPLORE.EXE

H:\INSTAL~1\SPYWAR~1\swdoctor.exe

C:\WINDOWS\Explorer.exe

H:\Download\Program\hijack\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aftonbladet.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape.com/home/winsearch200.html

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - Default URLSearchHook is missing

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program\Yahoo!\Companion\Installs\cpn2\ycomp5_5_7_0.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Installerade program\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - H:\INSTAL~1\SPYBOT~1\SDHelper.dll

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - H:\INSTAL~1\SPYWAR~1\tools\iesdsg.dll

O2 - BHO: IEByteRange - {722D2939-A14A-41A9-9EAC-AB8F4E295819} - (no file)

O2 - BHO: (no name) - {7559B76E-0222-4d77-9499-CCE9EB4EDC2F} - (no file)

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - H:\INSTAL~1\SPYWAR~1\tools\iesdpb.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\01.02.4000.1001\sv\msntb.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\01.02.4000.1001\sv\msntb.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\Companion\Installs\cpn2\ycomp5_5_7_0.dll

O4 - HKLM\..\Run: [MBM 5] C:\Program\Motherboard Monitor 5\MBM5.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program\Creative\PC-CAM Center\CAMTRAY.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [KeyBoard] C:\Program\Labtec\LABTEC~1\Keyboard.exe

O4 - HKLM\..\Run: [msnappau] "C:\Program\MSN Apps\Updater\01.02.3000.1001\sv\msnappau.exe"

O4 - HKLM\..\Run: [avast!] C:\Program\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Program\ICQ\ICQNet.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = H:\Installerade program\Reader\reader_sl.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra button: TREND MICRO HouseCall - {2B5EA4F8-620A-4A8B-B003-4C8C5EBEA826} - http://uk.trendmicro-europe.com/enterprise/products/housecall_pre.php (file missing)

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - H:\INSTAL~1\SPYWAR~1\tools\iesdpb.dll

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program\Yahoo!\Messenger\yhexbmes0819.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program\Yahoo!\Messenger\yhexbmes0819.dll

O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program\ICQ\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program\ICQ\ICQ.exe

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE

O9 - Extra button: AdShield - {4FB6C25E-7B37-4c93-B592-16ECD8D18361} - C:\WINDOWS\System32\shdocvw.dll (HKCU)

O12 - Plugin for .3g2: C:\Program\Internet Explorer\PLUGINS\npqtplugin3.dll

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020909/qtinstall.info.apple.com/sikes/se/win/QuickTimeInstaller.exe

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by16fd.bay16.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} (HouseCallButton.setup) - http://de.trendmicro-europe.com/file_downloads/common/housecall/HouseCallButton.CAB

O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab

O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/essentials/ymmapi_0727.dll

O16 - DPF: {A48D0309-8DA3-41AA-98E4-89194D471890} (Pulse V5 ActiveX Control) - http://a320.g.akamai.net/7/320/1456/v50245/www.pulse3d.com/players/english/5.0/win/PulsePlayer5AxWin.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://www.aftonbladet.se/it/special/command/cod/cabs/cssweb.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4314/mcfscan.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: ewido security suite control - ewido networks - H:\Installerade program\ewido\security suite\ewidoctrl.exe

O23 - Service: ewido security suite guard - ewido networks - H:\Installerade program\ewido\security suite\ewidoguard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program\Kerio\Personal Firewall 4\kpf4ss.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - H:\Installerade program\Spyware Doctor\sdhelp.exe

 

Help is gratefully received.

It always annoys someone.

[post edited 2005-10-27 23:46:29 by Metalmaid]


I've passed it on, but he'll probably be out cold until around eight tomorrow evening. Thanks for now, and I'll be back with a new log.

It always annoys someone.

 


Now my friend has woken up and run the scans; here come the logs....

******************

Kaspersky:

******************

Friday, October 28, 2005 21:44:04

Operating System: Microsoft Windows XP Professional, (Build 2600)

Kaspersky On-line Scanner version: 5.0.67.0

Kaspersky Anti-Virus database last update: 28/10/2005

Kaspersky Anti-Virus database records: 156940

 

 

 

Scan Settings

Scan using the following antivirus database extended

Scan Archives true

Scan Mail Bases true

 

Scan Target My Computer

A:C:D:E:F:G:H:\

 

Scan Statistics

Total number of scanned objects 47858

Number of viruses found 6

Number of infected objects 22

Number of suspicious objects 0

Duration of the scan process 2717 sec

 

Infected Object Name Virus Name

C:\Documents and Settings\fråhm\Skrivbord\manders\mirc614.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.614

 

C:\Documents and Settings\fråhm\Skrivbord\manders\mirc614.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.614

 

C:\Program\Alwil Software\Avast4\DATA\chest\00000008.mwt Infected: Backdoor.Win32.Agent.ec

 

C:\Program\Alwil Software\Avast4\DATA\chest\00000009.mwt Infected: Backdoor.Win32.Agent.ec

 

C:\Program\DivXPro511Adware.exe/stream/data0019 Infected: not-a-virus:AdWare.Win32.Gator.3202

 

C:\Program\DivXPro511Adware.exe/stream Infected: not-a-virus:AdWare.Win32.Gator.3202

 

C:\Program\DivXPro511Adware.exe Infected: not-a-virus:AdWare.Win32.Gator.3202

 

C:\Program\mirc612.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.612

 

C:\Program\mirc612.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.612

 

C:\WINDOWS\system32\DateMakerSweden-uninstall.exe Infected: not-a-virus:Dialer.Win32.gen

 

E:\download\Program\cute4032.exe/WISE0011.BIN/CTInstall.exe Infected: not-a-virus:AdWare.Win32.TimeSink

 

E:\download\Program\cute4032.exe/WISE0011.BIN/SimpleRegistration.dll Infected: not-a-virus:AdWare.Win32.TimeSink

 

E:\download\Program\cute4032.exe/WISE0011.BIN/tsad.dll Infected: not-a-virus:AdWare.Win32.TimeSink

 

E:\download\Program\cute4032.exe/WISE0011.BIN/TSUninstaller.exe Infected: not-a-virus:AdWare.Win32.TimeSink

 

E:\download\Program\cute4032.exe/WISE0011.BIN Infected: not-a-virus:AdWare.Win32.TimeSink

 

E:\download\Program\cute4032.exe Infected: not-a-virus:AdWare.Win32.TimeSink

 

E:\upload\cute4032.exe/WISE0011.BIN/CTInstall.exe Infected: not-a-virus:AdWare.Win32.TimeSink

 

E:\upload\cute4032.exe/WISE0011.BIN/SimpleRegistration.dll Infected: not-a-virus:AdWare.Win32.TimeSink

 

E:\upload\cute4032.exe/WISE0011.BIN/tsad.dll Infected: not-a-virus:AdWare.Win32.TimeSink

 

E:\upload\cute4032.exe/WISE0011.BIN/TSUninstaller.exe Infected: not-a-virus:AdWare.Win32.TimeSink

 

E:\upload\cute4032.exe/WISE0011.BIN Infected: not-a-virus:AdWare.Win32.TimeSink

 

E:\upload\cute4032.exe Infected: not-a-virus:AdWare.Win32.TimeSink

 

Scan process completed.

*************

Spyware Doctor

*************

Infection Name Location Risk

Starware HKCU\Software\Starware Low

Starware HKCU\Software\Starware## Low

Starware HKCU\Software\Starware\OriginalAutoSearch Low

Starware HKCU\Software\Starware\OriginalAutoSearch## Low

Starware HKCU\Software\Starware\OriginalSearchAssistant Low

Starware HKCU\Software\Starware\OriginalSearchAssistant## Low

Starware HKCU\Software\Starware\OriginalSearchAssistant##SearchAssistant Low

Starware HKCU\Software\Starware\OriginalSearchAssistant##Use Search Asst Low

Starware HKCU\Software\Starware\OriginalSearchAssistant##Use Custom Search URL Low

Starware HKCU\Software\Starware\OriginalURLSearchHooks Low

Starware HKCU\Software\Starware\OriginalURLSearchHooks## Low

Starware HKCU\Software\Starware\SearchAssistant Low

Starware HKCU\Software\Starware\SearchAssistant## Low

Starware HKCU\Software\Starware\SearchAssistant##SearchAssistant Low

Starware HKCU\Software\Starware\SearchAssistant##Use Search Asst Low

Starware HKCU\Software\Starware\SearchAssistant##Use Custom Search URL Low

Trojan.Proxy.Small.BO HKLM\SOFTWARE\Microsoft##ATI_VER High

Tracking Cookie(s) C:\Documents and Settings\fråhm\Cookies\fråhm@tradedoubler[2].txt Medium

Tracking Cookie(s) C:\Documents and Settings\fråhm\Cookies\fråhm@atdmt[2].txt Medium

Advertising C:\Documents and Settings\fråhm\Cookies\fråhm@doubleclick[1].txt Low

Tracking Cookie(s) C:\Documents and Settings\fråhm\Cookies\fråhm@atwola[1].txt Medium

Tracking Cookie(s) C:\Documents and Settings\fråhm\Cookies\fråhm@2o7[1].txt Medium

Advertising C:\Documents and Settings\fråhm\Cookies\fråhm@advertising[1].txt Low

Advertising C:\Documents and Settings\fråhm\Cookies\fråhm@adtech[2].txt Low

Tracking Cookie(s) C:\Documents and Settings\fråhm\Cookies\fråhm@cgi-bin[2].txt Medium

Starware C:\Documents and Settings\All Users\Application Data\Starware Low

Starware C:\Documents and Settings\All Users\Application Data\Starware\buttons Low

Starware C:\Documents and Settings\All Users\Application Data\Starware\buttons\cursorcafe.bmp Low

Starware C:\Documents and Settings\All Users\Application Data\Starware\buttons\cursorcafeA.bmp Low

Starware C:\Documents and Settings\All Users\Application Data\Starware\buttons\games.bmp Low

Starware C:\Documents and Settings\All Users\Application Data\Starware\buttons\gamesA.bmp Low

Starware C:\Documents and Settings\All Users\Application Data\Starware\buttons\screensaver.bmp Low

Starware C:\Documents and Settings\All Users\Application Data\Starware\buttons\screensaverA.bmp Low

Starware C:\Documents and Settings\All Users\Application Data\Starware\contexts Low

Starware C:\Documents and Settings\All Users\Application Data\Starware\contexts\error.xml Low

Starware C:\Documents and Settings\All Users\Application Data\Starware\contexts\related.xml Low

Starware C:\Documents and Settings\All Users\Application Data\Starware\contexts\travel.xml Low

Starware C:\Documents and Settings\All Users\Application Data\Starware\contexts\Travel.xml.backup Low

Starware C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate Low

Starware C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\ProductMessagingConfig.xml Low

Starware C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\ProductMessagingConfig.xml.backup Low

Starware C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\SimpleUpdateConfig.xml Low

Starware C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\SimpleUpdateConfig.xml.backup Low

Starware C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\TimerManagerConfig.xml Low

Starware C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\TimerManagerConfig.xml.backup Low

*********************

So what's the next step?

It always annoys someone.

 


 

Regarding Kaspersky, you don't get the option to remove what it finds, do you?

But I may be misremembering!

Are you quite sure that ewido doesn't fix many of these!?

Scan online and then choose remove.

http://www.ewido.net/en/onlinescan/

Another alternative is, of course, to remove these files/programs manually.

Regarding spysweeper (if you can't remove things with the program itself): not that I know anything about Starware, but I see that it should be possible to uninstall it the usual way. If that doesn't work, I suppose you just delete the folder

C:\Documents and Settings\All Users\Application Data\Starware

This one you'll probably have to fix manually in the registry

Trojan.Proxy.Small.BO

HKLM\SOFTWARE\Microsoft##ATI_VER

 


 

Regarding the HJT log, I would (personally) remove these

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape.com/home/winsearch200.html

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com

 

R3 - Default URLSearchHook is missing

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program\Yahoo!\Companion\Installs\cpn2\ycomp5_5_7_0.dll

 

O2 - BHO: IEByteRange - {722D2939-A14A-41A9-9EAC-AB8F4E295819} - (no file)

O2 - BHO: (no name) - {7559B76E-0222-4d77-9499-CCE9EB4EDC2F} - (no file)

 

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\Companion\Installs\cpn2\ycomp5_5_7_0.dll

 

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

 

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab

 

 

 


Ewido removed 42 files. Spyware Doctor doesn't remove anything in the free version; it only scans.

Removing manually is probably what's left... any tips on how to go about it?

It always annoys someone.

 


Archived

This topic is now archived and is closed to further replies.
